Defending the Digital Frontier: A Security Agenda [Hardcover]

Ernst & Young LLP (Author), Mark W. Doll (Author), Sajai Rai (Author), Jose Granado (Author)

Book Description

Publication Date: December 20, 2002

"The charge of securing corporate America falls upon its business leaders. This book, offered by Ernst & Young and written by Mark Doll, Sajay Rai, and Jose Granado, is not only timely, but comprehensive in outlook and broad in scope. It addresses many of the critical security issues facing corporate America today and should be read by responsible senior management." --Former Mayor of New York, Rudolph W. Giuliani

"To achieve the highest possible level of digital security, every member of an organization's management must realize that digital security is 'baked in,' not 'painted on.'" --from Defending the Digital Frontier: A Security Agenda

Like it or not, every company finds itself a pioneer in the digital frontier. And like all frontiers, this one involves exploration, potentially high returns . . . and high risks.

Consider this: According to Computer Economics, the worldwide economic impact of such recent attacks as Nimda, Code Red(s), and Sircam worms totaled $4.4 billion. The "Love Bug" virus in 2000 inflicted an estimated $8.75 billion in damage worldwide. The combined impact of the Melissa and Explorer attacks was $2.12 billion. Companies were hurt as much in terms of image and public confidence as they were financially. Protecting the "digital frontier" is perhaps the greatest challenge facing business organizations in this millennium. It is no longer a function of IT technologists; it is a risk management operation requiring sponsorship by management at the highest levels.

Written by leading experts at Ernst & Young, Defending the Digital Frontier: A Security Agenda deconstructs digital security for executive management and outlines a clear plan for creating world-class digital security to protect your organization's assets and people. Achieving and defending security at the Digital Frontier requires more than just informed decision-making at the top level. It requires a willingness to change your organization's mindset regarding security. Step by step, Defending the Digital Frontier shows you how to accomplish that.

With detailed examples and real-world scenarios, the authors explain how to build-in the six characteristics that a world-class digital security system must possess. You must make your system:
* Aligned with the organization's overall objectives.
* Enterprise-wide, taking a holistic view of security needs for the entire, extended organization.
* Continuous, maintaining constant, real-time monitoring and updating of policies, procedures, and processes.
* Proactive to effectively anticipate potential threats.
* Validated to confirm that appropriate risk management and mitigation measures are in place.
* Formal, so that policies, standards, and guidelines are communicated to every member of the organization.

An intrusion is bound to occur to even the most strongly defended systems. Will your organization be prepared to react, or lapse into chaos? Defending the Digital Frontier introduces the Restrict, Run, and Recover(r) model that guides organizations in formulating and implementing a clear, enterprise-wide, Agenda for Action to anticipate, detect, and react effectively to intrusions. You will learn how to roll out an effective Security Awareness and Training Program, establish Incident Response procedures, and set in place Digital Security Teams to control damage and manage risk in even worst-case scenarios. The digital threat knows no borders and honors no limits. But for the prepared organization, tremendous rewards await out on the digital frontier. By strengthening collective digital security knowledge from the top down and developing a rock-solid, comprehensive, on-going security agenda, every organization can build a secure future. Defending the Digital Frontier will get you there.

Editorial Reviews

From the Inside Flap

"To achieve the highest possible level of digital security, every member of an organization’s executive management must realize that digital security is ‘baked in,’ not ‘painted on.’"
–from Defending the Digital Frontier: A Security Agenda

Like it or not, every company finds itself a pioneer in the digital frontier. And like all frontiers, this one involves exploration, potentially high returns . . . and high risks.

Consider this: according to Computer Economics, the worldwide economic impact of such recent attacks as Nimda, Code Red(s), and Sircam worms totaled $4.4 billion. The "Love Bug" virus in 2000 inflicted an estimated $8.75 billion in damage worldwide. The combined impact of the Melissa and Explorer attacks was $2.12 billion. Companies were hurt as much in terms of image and public confidence as they were financially. Protecting the "digital frontier" is perhaps the greatest challenge facing business organizations in this millennium. It is no longer a function of IT technologists; it is a risk management operation requiring sponsorship by management at the highest levels.

Written by leading experts at Ernst & Young, Defending the Digital Frontier: A Security Agenda deconstructs digital security for executive management and outlines a clear plan for creating world-class digital security to protect your organization’s assets and people. Achieving and defending security at the digital frontier requires more than just informed decision-making at the highest level. It requires a willingness to change your organization’s mindset regarding security. Step by step, Defending the Digital Frontier shows you how to accomplish that.

With detailed examples and real-world scenarios, the authors explain how to build in the six characteristics that a world-class digital security system must possess. You must make your system:

• Aligned with the organization’s overall objectives
• Enterprise-wide, taking a holistic view of security needs for the entire, extended organization
• Continuous, maintaining constant, real-time monitoring and updating of policies, procedures, and processes
• Proactive to effectively anticipate potential threats
• Validated to confirm that appropriate risk management and mitigation measures are in place
• Formal, so that policies, standards, and guidelines are communicated to every member of the organization

An intrusion is bound to occur to even the most strongly defended systems. Will your organization be prepared to react, or lapse into chaos? Defending the Digital Frontier introduces the Restrict, Run, and Recover® model that guides organizations in formulating and implementing a clear, enterprise-wide Agenda for Action to anticipate, detect, and react effectively to intrusions. You will learn how to roll out an effective Security Awareness and Training Program, establish Incident Response procedures, and set in place digital security teams to control damage and manage risk in even worst-case scenarios.

The digital threat knows no borders and honors no limits. But for the prepared organization, tremendous rewards await out on the digital frontier. By strengthening collective digital security knowledge from the top down and developing a rock-solid, comprehensive, on-going security agenda, every organization can build a secure future. Defending the Digital Frontier will get you there.

From the Back Cover

Praise for Defending the Digital Frontier

"The charge of securing corporate America falls upon its business leaders. This book, offered by Ernst & Young and written by Mark Doll, Sajay Rai, and Jose Granado, is not only timely, but comprehensive in outlook and broad in scope. It addresses many of the critical security issues facing corporate America today and should be read by responsible senior management."
–Rudolph W. Giuliani
Former Mayor of New York

"Security is no longer just a technical issue. It needs to be managed holistically across physical and digital infrastructures as part of a wider program of risk management. That’s exactly what CA’s eTrust security solutions deliver. This is a must-read for all executives that have spent millions on information technology and have not thought about the risks. This book is a wake-up call to busy executives that think their digital assets are secure."
–Sanjay Kumar
President and CEO
Computer Associates International, Inc.

"Security can no longer be viewed simply as a necessary defensive expense. As enterprises open up their networks to millions of customers and partners around the world, security must be seen as an essential business enabler. This book demonstrates how complex network security has become, and points to the need for senior management to seek more sophisticated security management solutions, including organizational changes, in our increasingly connected world."
–John W. Thompson
Chairman and CEO, Symantec

"As companies expand their businesses outside of their traditional corporate boundaries, they encounter a whole new set of challenges related to securing their company’s assets. This book provides executives with a perspective on how to protect their company’s digital assets as they compete at the edge of the digital frontier."
–Barry Bycoff
Chairman, President and CEO, Netegrity

See all Editorial Reviews

Product Details

• Hardcover: 280 pages
• Publisher: Wiley; 1 edition (December 20, 2002)
• Language: English
• ISBN-10: 0471221449
• ISBN-13: 978-0471221449
• Product Dimensions: 9.2 x 6.4 x 0.9 inches
• Shipping Weight: 1.1 pounds
• Average Customer Review: 4.4 out of 5 stars  See all reviews (8 customer reviews)
• Amazon Best Sellers Rank: #3,195,260 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

4.0 out of 5 stars A Practical Guide to Developing A Security Program, January 23, 2003

By A Customer

This review is from: Defending the Digital Frontier: A Security Agenda (Hardcover)

With my corporation having worked with Ernst & Young's Security & Technology Solutions group over the years, my colleagues and I have come to respect them as among the most practical and knowledgeable security professionals in the field of IT security. Defending the Digital Frontier nicely reflects E&Y's experience and practices, providing easy-to-understand concepts and insights involving the implementation of a realistic security program.

My only wish is that the book provided more case examples of actual corporate security incidents, including a description of the financial losses and other impacts experienced by the victimized company, plus how the event was handled (both right and wrong). Such "lessons learned" should be more widely communicated. Having companies as well as firms like E&Y share their security incident experiences would contribute greatly to improving our ability to properly respond to security threats.

3 of 3 people found the following review helpful:

5.0 out of 5 stars Answered Prayer, February 19, 2003

By A Customer

This review is from: Defending the Digital Frontier: A Security Agenda (Hardcover)

I've been in the business game for a long time (26 yrs). During that time I've learned many things, sometimes willingly, sometimes by force. I have to admit that I was resistant to the idea of adopting the internet, especially when it came to transacting with my clients and customers. As we've all learned though, with digital and internet technologies growing by leaps and bounds, its a necessary evil. So being my pesimist self I've become semi-obsessed with understanding as many aspects of digital security, because if I don't understand it, then I can't very well expect my clients to have faith in my promises, can I?

"Defending the Digital Frontier: A Security Agenda" is the first book i've read, and I've read plenty, that is written so the right people can understand it. The "techies" already understand this stuff, but the people who make the decisions (e.g. how much budget those techies get to keep your netwrok secure), like the CEO and CFO, have never had it portrayed as a priority, like Mark Doll has been able to do in this book.

I usually don't review books, but with all of the recent news about networks being compromised, like the 8 million credit cards stollen this past week, I felt it was my responsibility to make sure I said my piece.

Buy it, read it, and use it, for yourself and for your customers.

3 of 3 people found the following review helpful:

4.0 out of 5 stars An excellent read, January 13, 2003

By 

"sam1349" (MD) - See all my reviews

This review is from: Defending the Digital Frontier: A Security Agenda (Hardcover)

I found this book to be a great read aimed at the non-tech executive. It explains the issues and provides the answers in clear, understandable terms, and gives real-world scenarios to back them up. It even provides a how-to-implement section that companies can fit into their structure. Overall, it balances the two issues that usually are at odds with each other: security and the bottom line. I highly recommend this book for anyone who wants to understand the threats companies face today, and the way to work around them.